Zentraler Informatikdienst der TU Wien

Beispiele

Einige von Benutzern zur Verfügung gestellte Beispiele.

PHP

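  // Validates the sKey token returned by the authentication server, or reports
  // the error the server signalled through ?error=...
  // $user, $sKey, $shared_secret and $REMOTE_HOST are not defined in this
  // snippet; the surrounding script has to provide them.
  if (! isset($_GET['error']))
  {
    // Start with generating the Hash to Compare:
    // NOTE(review): $REMOTE_HOST looks like a register_globals variable;
    // confirm where the surrounding script sets it (e.g. from $_SERVER).
    $client_hostname = strtolower($REMOTE_HOST);

    if ($client_hostname == "") $client_hostname = "nil";

    // Tokens carry a timestamp in 10-second units. Neighbouring units are
    // accepted to absorb clock skew, which also means a token taken from a
    // URL or log stays valid for that long and can be replayed from the same
    // hostname. Keep the window as small as the deployment allows.
    $mow = intval(time()/10);
    $time_stamps = array(
      $mow,
      $mow - 1,
      $mow + 1,
      $mow - 2,
      $mow + 2,
      $mow - 3,
    );

    $line  = date("Y-m-d H:i:s");
    $line .= ": ";
    $line .= "$user : $client_hostname : ";

    $authorized = false;

    foreach ($time_stamps as $stamp)
    {
      $string = $user . $stamp . $client_hostname . $shared_secret;
      $hash = hash('sha1', $string);
      // hash_equals() instead of ==: a loose comparison treats two strings of
      // the form "0e<digits>" as equal numbers and returns at the first
      // differing byte. hash_equals() requires strings, and a request such as
      // ?sKey[]=x delivers an array, hence the is_string() guard.
      if (is_string($sKey) && hash_equals($hash, $sKey))
      {
        $authorized = true;
      }
    }

    $mn = $user;

    // If Authorized, then display wanted information
    if ($authorized)
    {
    }
    else
    {
      $line .= "ERROR\n";
      echo "<H3>Konnte Sie nicht Validieren!!</H3>\n";
      echo "<A HREF=\".\">Versuchen Sie es nocheinmal!</A><br>\n";
    }
  } else
  {
    // Array keys are quoted: a bare word is an undefined constant and a fatal
    // error on PHP 8.
    // NOTE(review): $line is appended to here without being initialised in
    // this branch; presumably the surrounding script sets it up. Confirm.
    if ($_GET['error'] === "user")
    {
      echo "Kein passender User gefunden!<br>\n";
      $line .= "User unknown ($REMOTE_HOST)\n";
    }
    if ($_GET['error'] === "password")
    {
      echo "Falsches Passwort! <A HREF=\"./\">Bitte nochmals versuchen!</A><br>\n";
      // NOTE(review): $_GET['user'] is request-controlled and goes into the
      // log line unfiltered; strip CR/LF before writing $line to a log file.
      $line .= $_GET['user']." ($REMOTE_HOST): Falsches Passwort!\n";
    }
  }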

PHP - zusätzliche Attribute

<?php
/****************************************************************************
 * authenticate_zid.php 
 * $Id: authenticate_zid.php,v 1.5 2010/03/05 14:10:15 manfred Exp $
 * 
 ***************************************************************************/

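/***************************************************************************
 * function authenticate_zid
 *
 * Checks the sKey token that the ZID authentication server appends to the
 * redirect URL. Read from $_GET: sKey, user, host (optional), error, and the
 * optional attributes firstName, lastName, title, mail, phone.
 *
 * The token is sha1(user . attributes . timestamp . hostname . secret), with
 * the timestamp in 10-second units. The fields are concatenated without
 * separators, so the token authenticates the joined string, not the split
 * between individual attributes: characters can move from one attribute to
 * its neighbour without changing the hash. Callers should not base access
 * decisions on a single attribute value.
 *
 * @param string $shared_secret ... secret shared with the ZID authentication
 *                                  server
 * @return boolean true if sKey matches one of the accepted timestamps,
 *                 false otherwise (also when parameters are missing, are not
 *                 strings, or error is set)
 *
 ***************************************************************************/
function authenticate_zid( $shared_secret ) {
    // sKey and user are mandatory. Non-strings are rejected as well, because
    // ?sKey[]=x arrives as an array and hash_equals() only accepts strings.
    foreach ( array( 'sKey', 'user' ) as $required ) {
        if ( !isset( $_GET[ $required ] )
             || !is_string( $_GET[ $required ] )
             || $_GET[ $required ] === "" ) {
            return( false );
        }
    }
    $sKey = $_GET[ 'sKey' ];
    $user = $_GET[ 'user' ];

    // The server signals a failed login through the error parameter.
    if ( isset( $_GET[ 'error' ] ) ) {
        return( false );
    }

    if ( !isset( $_GET[ 'host' ] ) ) {
        $client_ip = $_SERVER[ 'REMOTE_ADDR' ];
        $client_hostname = strtolower( gethostbyaddr( $client_ip ) );
        // gethostbyaddr() returns the address itself when nothing resolves.
        if ( $client_hostname == $client_ip || $client_hostname == "" ) {
            $client_hostname = "nil";
        }
    }
    else {
        // The hostname from the URL is covered by the hash, but nothing here
        // compares it with the connecting address, so in this branch the
        // token is not bound to the client that presents it.
        if ( !is_string( $_GET[ 'host' ] ) ) {
            return( false );
        }
        $client_hostname = $_GET[ 'host' ];
    }

    // Accepted timestamps: now and (tolerance - 1) units of 10 seconds on
    // either side. A captured URL can be replayed for as long as this window
    // lasts.
    $mow = intval( time() / 10 );
    $tolerance = 5; // time tolerance in x * 10 sec
    $time_stamps = array( $mow );
    for ( $j = 1 ; $j < $tolerance ; $j++ ) {
        array_push( $time_stamps, $mow - $j , $mow + $j );
    }

    // Optional attributes enter the hash in this fixed order. An attribute
    // sent as an array cannot have been signed, so it fails the check instead
    // of being skipped and reaching the caller unverified.
    $add = "";
    foreach ( array( 'firstName', 'lastName', 'title', 'mail', 'phone' ) as $attribute ) {
        if ( !isset( $_GET[ $attribute ] ) ) {
            continue;
        }
        if ( !is_string( $_GET[ $attribute ] ) ) {
            return( false );
        }
        $add .= $_GET[ $attribute ];
    }

    foreach ( $time_stamps as $stamp ) {
        $string = $user . $add . $stamp . $client_hostname . $shared_secret;
        $hash = hash( 'sha1', $string );
        // hash_equals() instead of ==: the loose operator compares two
        // "0e<digits>" strings as numbers and stops at the first differing
        // byte.
        if ( hash_equals( $hash, $sKey ) ) {
            // authenticated
            return( true );
        }
    }
    return( false );
}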
?>

Perl

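# Checks the sKey token passed back by the authentication server.
#
# Reads the CGI parameters error, sKey and user plus the remote host name,
# recomputes sha1_hex(user . timestamp . host . secret) for every accepted
# timestamp (10-second units, now +/- $tolerance) and compares it with sKey.
#
# Argument: the shared secret.
# Returns:  the user name on success, 0 if the token does not verify,
#           undef if the server reported an error.
sub authenticated {
    # Lexical instead of local(): the secret no longer sits in a package
    # variable that every sub called from here could read.
    my ($sharedsecret) = @_;

    return undef if CGI::param('error');

    my $remote  = CGI::remote_host();
    my $rechner = ( defined $remote && lc($remote) ) || 'nil';
    my $skey    = CGI::param('sKey');
    my $oid     = CGI::param('user');

    if ($Debug) {
        # All three values come from the request or from reverse DNS, so they
        # are HTML-escaped before being written into the page.
        my ( $shown_oid, $shown_host, $shown_key ) =
            map { CGI::escapeHTML( defined $_ ? $_ : '' ) } ( $oid, $rechner, $skey );
        print "oid=$shown_oid,rechner=$shown_host,key=$shown_key<br>";
    }

    # sha1_hex() yields exactly 40 lowercase hex digits; anything else cannot
    # match and is rejected before any hashing is done.
    return 0 unless defined $oid && length $oid;
    return 0 unless defined $skey && $skey =~ /\A[0-9a-f]{40}\z/;

    # A token stays acceptable for the whole window, so a captured URL can be
    # replayed from the same host until it expires.
    my $mow         = int( time / 10 );
    my $tolerance   = 5;
    my @time_stamps = ( $mow, map { ( $mow - $_, $mow + $_ ) } 1 .. $tolerance );

    my $authorized = 0;
    for my $stamp (@time_stamps) {
        my $check_hash =
            Digest::SHA1::sha1_hex( $oid . $stamp . $rechner . $sharedsecret );
        if ( _same_digest( $check_hash, $skey ) ) {
            $authorized = $oid;
            last;
        }
    }

    return $authorized;
}

# Compares two digests without stopping at the first differing character.
sub _same_digest {
    my ( $left, $right ) = @_;

    return 0 if length($left) != length($right);

    my $diff = 0;
    for my $pos ( 0 .. length($left) - 1 ) {
        $diff |= ord( substr( $left, $pos, 1 ) ) ^ ord( substr( $right, $pos, 1 ) );
    }
    return $diff == 0 ? 1 : 0;
}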

Java

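  // request of type javax.servlet.HttpServletRequest
  // Verifies the sKey token from the authentication server, or shows the
  // error it reported. Every path forwards at most once.
 String error = request.getParameter("error");
 if (error == null) {
     // equal to CGI variable $REMOTE_HOST
     String host = request.getRemoteHost();
     // rudimentary IP address pattern
     String regex = "\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}";

     if ((host == null) || (host.trim().equals(""))) {
         host = "nil";
     } else if (host.matches(regex)) {
         // try to manually resolve host name
         host = InetAddress.getByName(host).getHostName();
         // just make sure that we did not get an IP address again
         if (host.matches(regex)) {
             host = "nil";
         } else {
             // a manually resolved name must be lower case as well
             host = host.toLowerCase(java.util.Locale.ROOT);
         }
     } else {
         // everything went fine (host names must be lower case);
         // Locale.ROOT keeps the result independent of the server locale
         host = host.toLowerCase(java.util.Locale.ROOT);
     }

     // divide current seconds by 10
     int now = (int)(System.currentTimeMillis()/10000);
     int entries = 20;
     // be very tolerant: accepts now-18 .. now+20 (now+1 appears twice), i.e.
     // a token stays replayable for several minutes. Shrink entries if the
     // clocks involved allow it.
     int[] times = new int[entries * 2];
     for (int i = 0; i < entries; ++i) {
         times[i] = now - i + 1;
         times[i + entries] = now + i + 1;
     }

     String user = request.getParameter("user");
     String sKey = request.getParameter("sKey");

     if ((user == null) || (sKey == null) ||
         (user.equals("")) || (sKey.equals(""))) {
         request.setAttribute("msg", "No user/session specified.");
         request.getRequestDispatcher("index.jsp").forward(request, response);
     } else {
         boolean authorized = false;
         boolean digestUnavailable = false;
         // NOTE(review): UTF-8 is pinned so the hash does not depend on the
         // platform default charset; confirm the server hashes UTF-8 too.
         java.nio.charset.Charset utf8 = java.nio.charset.StandardCharsets.UTF_8;

         try {
             MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
             byte[] presented = sKey.getBytes(utf8);

             for (int i = 0; i < times.length; ++i) {
                 // "sharedSecret" stands for the real secret, which belongs
                 // in protected configuration rather than in source code.
                 String key = user + times[i] + host + "sharedSecret";
                 byte[] hash = sha1.digest(key.getBytes(utf8));
                 byte[] hex = new org.apache.commons.codec.binary.Hex().encode(hash);

                 // MessageDigest.isEqual does not stop at the first
                 // differing byte the way String.equals does
                 if (MessageDigest.isEqual(hex, presented)) {
                     authorized = true;
                     break;
                 }
             }
         } catch (NoSuchAlgorithmException nsae) {
             digestUnavailable = true;
         }

         // One forward per request: forwarding inside the catch block and
         // again in the failure branch below would hit a committed response.
         if (digestUnavailable) {
             request.setAttribute("msg", "Fatal Error. Please contact site admin.");
             request.getRequestDispatcher("index.jsp").forward(request, response);
         } else if (authorized) {
             // start new session and forward to main application
         } else {
             request.setAttribute("msg", "Authorization failed.");
             request.getRequestDispatcher("index.jsp").forward(request, response);
         }
     }
 } else {
     // unknown error codes fall through to the generic message
     String msg;
     if (error.equals("username")) {
         msg = "No such user exists.";
     } else if (error.equals("password")) {
         msg = "Invalid password provided.";
     } else {
         msg = "Authorization failed.";
     }
     request.setAttribute("msg", msg);
     request.getRequestDispatcher("index.jsp").forward(request, response);
 }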